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1 • A method for cryptographically converting a digital input block into a 

digital output block; said conversion comprising the step of merging a selected part Ml of 
said digital input block with a first key Kl and producing a data block Bl which non-linearly 
depends on said selected part Ml and said first key Kl, and where a selected part of said 
digital output block is derived from said data block Bl, 

characterised in that said merging step is performed by executing a non-linear function g for 
non-linearly merging said selected part Ml and said first key Kl in one, sequentially insep- 
arable step. 

2. A method as clauned in claim 1, wherein said method comprises the steps 
of: 

splitting said digital mput block into said selected part M 1 and a second part 
M2 before executing said merging step; 

executing a non-linear function g"* to merge said second block M2 with a 
second key K2 in one, sequentially inseparable step, producing a data block B2 as output; 
said non-linear function g"^ being the inverse of said non-linear function g; and 

forming combined data from data in said data block Bl and in said data block 
B2; said digital output block being derived from said combined data. 

3. A method as claimed in claim 1, wherein said merging step comprises the 
steps of: 

splitting said selected part Ml in a first plurality n of sub-blocks mo,..,m„., of 
substantially equal length; 

splitting said first key Kl in said first plurality n of sub-keys ko,..,k„.,, substan- 
tially having equal length, the sub-key k, corresponding to the sub-block m,, for i = 0 to n-1; 
and 

separately processing each of said sub-blocks m, by executing for each of said 
sub-blocks m; a same non-linear function h for non-linearly merging a sub-block b, derived 
from said sub-block m; with said corresponding sub-key Iq in one, sequentially inseparable 
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^ step and producing said first plurality of output sub-blocks h(bi, k,); and 

combining sub-blocks t; derived from said first plurality of said output sub- 
blocks h(bi, k,) to form said data block Bl. 

5 4. A method as claimed in claim 2 and 3, wherein said step of executing said 

non-linear function g"^ comprises the steps of: 

splitting said second part M2 in said first plurality n of sub-blocks m„,..,m2n.i, 
substantially having equal length; 

splitting said key K2 in said fu-st plurality n of sub-keys k„,..,k2n.i, substantially 
10 having equal length, the sub-key k; corresponding to the sub-block nij, for i = n to 
2n-l; 

executing for each of said sub-blocks m; a same non-linear function h"' for non- 
linearly merging a sub-block bj derived from said sub-block m; with said corresponding sub- 
key kj and producing said fu-st plurality of an output sub-block h-'(bi, k,); said function h"^ 
15 being the inverse of said function h; and 

combining sub-blocks t; derived from said first plurality of output sub-blocks 
h"'(bi, ki) to form said data block B2. 

- 5. A method as claimed in claim 3, wherein said sub-block b^ is derived 

20 from said sub-block m; by bit-wise adding a constant p; to said sub-block m;, said constant p, 
substantially having equal length as said sub-block m^. 

6- A method as claimed in claun 3, characterised in that said function h(bpk^) 

is defined by: 

25 h(bi,k,) = {h,.ky, if b, 7^ 0, k, 0, and b, k, 

h(bi,k,) = (k,)-^ ifbi = 0 

h(bi.k,) = (q,)-^ if ki = 0 

h(bi,k,) = 0, if b, = ki, 

where the multiplication and inverse operations are predetermined Galois Field multiplication 
30 and inverse operations. 



7- A method as claimed in claim 6, wherein deriving said sub-blocks t, from 

said output sub-blocks h(bi, k,) comprises bit- wise adding a constant d^ to said output sub- 
block'h(bj,ki), said constant dj substantially having equal length as said sub-block m^. 



'8- A method as claimed in claim 7, wherein deriving said sub-blocks t, from 

said output sub-blocks h(b., k,) further comprises raising h(b„k,) © d, to a power 1\ using 
said predetermined Galois Field multiplication. 

5 9. A method as claimed in claun 6, wherein deriving said sub-blocks t; from 

said output sub-blocks h(bi, k^) comprises raising said output sub-block h(bi,k,) to a power 2', 
using said predetermined Galois Field (GF) multiplication. 

10- A method as clauned in claim 4, wherein said combined data is formed 

10 by: 

swapping the sub-blocks t^ and i^n-u, for i = 0 to n-1; and 
t - concatenating the swapped sub-blocks. 

l; 11- A method as claimed in claim 6, wherein said sub-block m^ comprises 

: 15 eight data bits, and wherein said multiply mg of two elements b and c of GF(2*) comprises 
^: executing a series of multiplications and additions m GF(2^). 

12. A method as clauned in claim 11, wherein said multiplying of said two 

/ elements b and c comprises: 

20 - representing b as a^ + aj.D and c as a2 + aj.D, where ao, a,, a^ and a3 are 

elements of GF(2'*), and where D is an element of GF(2*) defined as a root of an irreducible 
polynomial k(x) = + x + ^ over GF(2''), where j3 is an element of GF(2'^); and 
calculating (a^aj + ^L^di^^) + (ajaj + aoa3 + a,a3).D. 

25 13. A method as clauned in claim 12, wherein jS is a root of an irreducible 

polynomial h(x) = x'* + x^ + x^ + x 4- 1 over GF(2). 

14. A method as clauned in claim 6, wherein said sub-block m^ comprises 

eight data bits, and wherein calculating the inverse of an element b of GF(2^) comprises 
30 performing a series of calculations in GFCZ'*). 



15- A method as claimed in claim 14, wherein calculating the inverse of said 

element b comprises: 

representing b as ao + a,.D, where a^ and a, are elements of GF(2''), and where 
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- D is an element of GF(2*) defined as a root of an irreducible polynomial k(x) = x-^ + x + j3 
over GF(2'*), where is an element of GF(2'*); and 

calculating (a^^ + a^a] + ai^/3)''((a(j + a,) + ajD). 



5 16. An apparatus for crypto graphically converting a digital input block into a 

digital output block; said apparatus comprising: 

first input means for obtaining said digital input block; 
second input means for obtaining a first key Kl; 

cryptographic processing means for converting the digital input block into the 
10 digital output block; said conversion comprising merging a selected part Ml of said digital 
input block with said first key Kl and producing a data block Bl which non-Iinearly depends 
on said selected part Ml and said first key Kl, and where a selected part of said digital 
output block is derived from said data block Bl; and 

output means for outputting said digital output block, 
15 characterised in that said cryptographic processing means is arranged to perform said 

merging by executing a non-linear function g for non-linearly merging said selected part Ml 
and said first key Kl m one, sequentially inseparable step. 

17. An apparatus as claimed in claim 16, wherein said apparams comprises 

'20 third input means for obtaining a second key K2, and wherein said conversion comprises: 
splitting said digital input block into said selected part Ml and a second part 
M2 before performing said merging; 

executing a non-linear function g"' to merge said second block M2 with said 
second key K2 in one, sequentially inseparable step, producing a data block B2 as output; 
25 said non-linear function g"' being the inverse of said non-linear function g; and 

forming combined data from data in said data block Bl and in said data block 
B2; said digital output block being derived from said combined data. 



18. An apparams as claimed in claim 16, wherein said merging step com- 

30 prises the steps of: 

splitting said selected part Ml in a first plurality n of sub-blocks mo,..,mn., of 
substantially equal length; 

splitting said first key Kl in said first plurality n of sub-keys ko,..,kn.i, substan- 
tially having equal length, the sub-key k; corresponding to the sub-block m,, for i = 0 to n-1; 
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■ and 

separately processing each of said sub-blocks m, by executing for each of said 
sub-blocks m, a same non-linear function h for non-linearly merging a sub-block b; derived 
from said sub-block m, with said corresponding sub-key k, in' one, sequentially inseparable 
step and producing said &st plurality of output sub-blocks h(bi, k,); and 

combining sub-blocks t, derived from said first plurality of said output sub- 
blocks h(bj, ki) to form said data block Bl. 



19. An apparatus as claimed in claim 18, characterised in that said function 

h(bi,lq) is defined by: 

h(bi,ki) = (bi.ki)-', if bi ?i 0, ki ?i 0, andh, 9^ k, 

h(bi,k.) = (ki)-^ ifbi = 0 

h(bi,ki) = (bi)-^ ifk, =0 

h(bi,k,) = 0, if bi = ki, 

where the multiplication and inverse operations are predetermined Galois Field multiplication 
and inverse operations. 



20. An apparatus as claimed in claun 19, wherein said sub-block mj comprises 

eight data bits, and wherein said multiplymg of two elements b and c of GF(2^) comprises: 

representing b as -f- aj.D and c as aj -i- aj.D, where a^, a.^, a^ ^3 are 
elements of GF(2'*), and where D is an element of GF(2^) defined as a root of an irreducible 
polynomial k(x) = + x -I- jS over GF(2^), where /5 is an element of GF(2^); and 

calculating (a^az -f- ajajiS) + (a^a^ + + a,a3).D; 
and wherein calculating the inverse of an element b of GF(2*) comprises calculating (ao^ + 
aoai + a,^j3)-'((ao + a,) + ajD). 



